On 30 Sep 2014, at 10:53, Mai Ling wrote:
Every now and then people ask for ways to skip some or all checks defined in header_checks done by the cleanup daemon, then they learn[1] that due to postifx design they must figure out workarounds or use external filters.
It seems that you may not have read Postfix's CONTENT_INSPECTION_README, or perhaps not really understood it.
The reason that header_checks and it's evil twin body_checks are unfit for primary content filtering is because they are explicitly not designed for that role. When you try to use it as such, you will get lousy results. That leads to important users and/or senders needing exemptions from the dull hatchetwork of an over-used header_checks. If there is some mail you absolutely never want to accept for any reason ever that can be unequivocally identified by a single header, header_checks is a great tool for THAT task. If you get traffic from a mailing list that inexplicably fails to provide certain headers from RFC2919 and RFC2369 that MUAs find useful, header_checks can often fix THAT flaw. Being flooded by spam using an encoding specific to a language that none of your users can read: a PERFECT task for header_checks. It is a simple tool designed for simple tasks that sometimes can overwhelm a more complex tool (e.g. a comprehensive spam filter) by their sheer volume.
Please don't encourage the shoddy practice of using header_checks for general spam filtering. The workarounds to make some mail bypass it add complexity just as an external milter or SMTP proxy spam filter would, without the benefit of providing actually *good* spam filtering.
